Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!
Last week, there were 164 vulnerabilities disclosed in 145 WordPress Plugins and 7 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 73 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 16,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- WAF-RULE-698 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-696 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-693 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 117 |
| Unpatched | 47 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 147 |
| High Severity | 14 |
| Critical Severity | 3 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 87 |
| Missing Authorization | 38 |
| Cross-Site Request Forgery (CSRF) | 8 |
| Deserialization of Untrusted Data | 5 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 5 |
| Exposure of Sensitive Information to an Unauthorized Actor | 3 |
| Improper Access Control | 2 |
| Improper Control of Generation of Code ('Code Injection') | 2 |
| Server-Side Request Forgery (SSRF) | 2 |
| URL Redirection to Untrusted Site ('Open Redirect') | 2 |
| Authorization Bypass Through User-Controlled Key | 1 |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere | 1 |
| External Control of Assumed-Immutable Web Parameter | 1 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 1 |
| Improper Input Validation | 1 |
| Insecure Storage of Sensitive Information | 1 |
| Insertion of Sensitive Information into Log File | 1 |
| Unrestricted Upload of File with Dangerous Type | 1 |
| Use of Insufficiently Random Values | 1 |
| Use of Less Trusted Source | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 16 | |
| 15 | |
| 11 | |
| 10 | |
| 8 | |
| 8 | |
| 8 | |
| 7 | |
| 7 | |
| 6 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery | interactive-3d-flipbook-powered-physics-engine |
| 5280 Bootstrap Modal Contact Form | 5280-bootstrap-modal-contact-form |
| AA Cash Calculator | aa-calculator |
| Academy LMS – WordPress LMS Plugin for Complete eLearning Solution | academy |
| ACF Front End Editor | acf-front-end-editor |
| ACF On-The-Go | acf-on-the-go |
| Admin Page Spider | admin-page-spider |
| AJAX Login and Registration modal popup + inline form | ajax-login-and-registration-modal-popup |
| All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | all-in-one-seo-pack |
| All-in-One Addons for Elementor – WidgetKit | widgetkit-for-elementor |
| All-in-One Video Gallery | all-in-one-video-gallery |
| Alt Text AI – Automatically generate image alt text for SEO and accessibility | alttext-ai |
| Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) | wp-analytify |
| AnnounceKit | announcekit |
| Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms | stop-spammer-registrations-plugin |
| Archives Calendar Widget | archives-calendar-widget |
| ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | armember-membership |
| AWeber for WooCommerce | woocommerce-aweber-newsletter-subscription |
| Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. | barcode-scanner-lite-pos-to-manage-products-inventory-and-orders |
| Booster Extension | booster-extension |
| Booster for WooCommerce | woocommerce-jetpack |
| Breakdance | breakdance |
| BuddyPress | buddypress |
| Calendar | calendar |
| Call / Contact Button | button-contact-vr |
| Carousel Slider | carousel-slider |
| ChatBot Conversational Forms | conversational-forms |
| CodeBard's Patron Button and Widgets for Patreon | patron-button-and-widgets-by-codebard |
| ConvertPlus | convertplug |
| Cost Calculator Builder PRO | cost-calculator-builder-pro |
| CPO Companion | cpo-companion |
| Custom WooCommerce Checkout Fields Editor | add-fields-to-checkout-page-woocommerce |
| Customer Email Verification for WooCommerce | emails-verification-for-woocommerce |
| Debug Log Manager | debug-log-manager |
| Democracy Poll | democracy-poll |
| Different Menu in Different Pages – Control Menu Visibility (All in One) | different-menus-in-different-pages |
| Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings | directorist |
| Drag and Drop Multiple File Upload – Contact Form 7 | drag-and-drop-multiple-file-upload-contact-form-7 |
| EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory | ean-for-woocommerce |
| Easy Restaurant Table Booking | easy-table-booking |
| Eleblog – Elementor Blog And Magazine Addons | ele-blog |
| Elementor Addon Elements | addon-elements-for-elementor-page-builder |
| Elementor ImageBox | fd-elementor-imagebox |
| Elementor Website Builder Pro | elementor-pro |
| ElementsKit Elementor addons | elementskit-lite |
| ElementsReady Addons for Elementor | element-ready-lite |
| Embed Google Fonts | embed-google-fonts |
| Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders | essential-addons-for-elementor-lite |
| Event Monster – Event Management, Tickets Booking, Upcoming Event | event-monster |
| EventON | eventon-lite |
| Exclusive Addons for Elementor | exclusive-addons-for-elementor |
| Fancy Elementor Flipbox | fancy-elementor-flipbox |
| Flattr | flattr |
| Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | folders |
| Follow Us Badges | wpsite-follow-us-badges |
| Giphypress | giphypress |
| Google Doc Embedder | google-document-embedder |
| Google Typography | google-typography |
| Grid Gallery – Photo Image Grid Gallery | new-grid-gallery |
| Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor | front-editor |
| Gutenberg Blocks with AI by Kadence WP – Page Builder Features | kadence-blocks |
| GWP-Histats | gwp-histats |
| IDonate – Blood Donation, Request And Donor Management System | idonate |
| Import and export users and customers | import-users-from-csv-with-meta |
| Inline Google Spreadsheet Viewer | inline-google-spreadsheet-viewer |
| iPages Flipbook For WordPress | ipages-flipbook |
| iPanorama 360 – WordPress Virtual Tour Builder | ipanorama-360-virtual-tour-builder-lite |
| Jeg Elementor Kit | jeg-elementor-kit |
| JW Player for WordPress | jw-player-7-for-wp |
| LA-Studio Element Kit for Elementor | lastudio-element-kit |
| Last Viewed Posts by WPBeginner | last-viewed-posts |
| LeadConnector | leadconnector |
| Login Logout Register Menu | login-logout-register-menu |
| Login with phone number | login-with-phone-number |
| MailerLite – Signup forms (official) | official-mailerlite-sign-up-forms |
| Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations | master-addons |
| Masteriyo LMS – eLearning and Online Course Builder for WordPress | learning-management-system |
| MasterStudy LMS WordPress Plugin – for Online Courses and Education | masterstudy-lms-learning-management-system |
| MDTF – Meta Data and Taxonomies Filter | wp-meta-data-filter-and-taxonomy-filter |
| Media Cleaner: Clean your WordPress! | media-cleaner |
| Mhr Post Ticker | mhr-post-ticker |
| Min and Max Purchase for WooCommerce | min-and-max-purchase-for-woocommerce |
| Mini Loops | mini-loops |
| Mooberry Book Manager | mooberry-book-manager |
| PB MailCrypt – AntiSpam Email Encryption | pb-mailcrypt-antispam-email-encryption |
| Perfect Pullquotes | perfect-pullquotes |
| Pet Manager | pet-manager |
| Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery | new-photo-gallery |
| Photo Gallery, Images, Slider in Rbs Image Gallery | robo-gallery |
| Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | ays-popup-box |
| Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder | ajax-filter-posts |
| Premium Addons for Elementor | premium-addons-for-elementor |
| Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce | a4-barcode-generator |
| Print My Blog – Print, PDF, & eBook Converter WordPress Plugin | print-my-blog |
| Print-O-Matic | print-o-matic |
| Progressive WordPress (PWA) | progressive-wp |
| PropertyHive | propertyhive |
| Rank Math SEO – AI SEO Tools to Dominate SEO Rankings | seo-by-rank-math |
| Realtyna Organic IDX plugin + WPL Real Estate | real-estate-listing-realtyna-wpl |
| RegistrationMagic – User Registration Plugin with Custom Registration Forms | custom-registration-form-builder-with-submission-manager |
| ReviewX – Multi-criteria Rating & Reviews for WooCommerce | reviewx |
| RomethemeKit For Elementor | rometheme-for-elementor |
| rtMedia for WordPress, BuddyPress and bbPress | buddypress-media |
| Sailthru Triggermail | sailthru-triggermail |
| SEOPress – On-site SEO | wp-seopress |
| Share This Image | share-this-image |
| Sheets to WP Table Live Sync | Google Sheets Table Plugin for WordPress with Spreadsheet Integration – FlexTable | sheets-to-wp-table-live-sync |
| ShopLentor – WooCommerce Builder for Elementor & Gutenberg +16 Modules – All in One Solution (formerly WooLentor) | woolentor-addons |
| Simple Basic Contact Form | simple-basic-contact-form |
| Simple Image Popup | simple-image-popup |
| Simple Membership | simple-membership |
| SimpleShop | simpleshop-cz |
| Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) | sina-extension-for-elementor |
| Slider Revolution | revslider |
| Sliding Widgets | sliding-widgets |
| Social Icons Widget & Block by WPZOOM | social-icons-widget-by-wpzoom |
| Social Share Icons & Social Share Buttons | ultimate-social-media-plus |
| SP Project & Document Manager | sp-client-document-manager |
| Subway – Private Site Option | subway |
| Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder | supreme-modules-for-divi |
| Survey Maker | survey-maker |
| SVS Pricing Tables | svs-pricing-tables |
| Swift Framework | swift-framework |
| Sydney Toolbox | sydney-toolbox |
| Tabellen von faustball.com | docollipics-faustball-de |
| Testimonial Slider | testimonial-slider |
| The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid | the-post-grid |
| The School Management Pro | school-management-pro |
| TweetScroll Widget | tweetscroll-widget |
| Ultimate Under Construction | ultimate-under-construction |
| Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery | new-video-gallery |
| Web Push Notifications – Webpushr | webpushr-web-push-notifications |
| Where Did You Hear About Us Checkout Field for WooCommerce | wc-customer-source |
| Woo Total Sales | woo-total-sales |
| WordPress Flipbook by Supsystic | digital-publications-by-supsystic |
| WordPress Header Builder Plugin – Pearl | pearl-header-builder |
| WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting | erp |
| WP Recipe Maker | wp-recipe-maker |
| WP Shortcodes Plugin — Shortcodes Ultimate | shortcodes-ultimate |
| WP Video Lightbox | wp-video-lightbox |
| WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | wpforms-lite |
| WPify Woo Czech | wpify-woo |
| WTI Like Post | wti-like-post |
| XServer Migrator | xserver-migrator |
| ZD YouTube FLV Player | zd-youtube-flv-player |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Adventure Journal | adventure-journal |
| Blocksy | blocksy |
| Edge | edge |
| Freesia Empire | freesia-empire |
| Pliska | pliska |
| Restaurant and Cafe | restaurant-and-cafe |
| Unique | unique |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2024-3070
CVE-2024-3070
Patch Status
Patched
Patched
Published
May 2, 2024
May 2, 2024
Affected Software
Last Viewed Posts by WPBeginner
Last Viewed Posts by WPBeginner
Researcher
CVE-ID
CVE-2024-33911
CVE-2024-33911
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
The School Management Pro
The School Management Pro
Researcher
CVE-ID
CVE-2024-34434
CVE-2024-34434
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
MDTF – Meta Data and Taxonomies Filter
MDTF – Meta Data and Taxonomies Filter
Researcher
CVE-ID
CVE-2024-4033
CVE-2024-4033
Patch Status
Patched
Patched
Published
May 1, 2024
May 1, 2024
Affected Software
All-in-One Video Gallery
All-in-One Video Gallery
Researcher
Barcode Scanner with Inventory & Order Manager <= 1.5.4 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-ID
CVE-2024-2661
CVE-2024-2661
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
CVE-ID
CVE-2024-2831
CVE-2024-2831
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Calendar
Calendar
Researcher
CVE-ID
CVE-2024-3240
CVE-2024-3240
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
ConvertPlus
ConvertPlus
Researcher
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-ID
Unknown
Unknown
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
rtMedia for WordPress, BuddyPress and bbPress
rtMedia for WordPress, BuddyPress and bbPress
Researcher
CVE-ID
CVE-2024-34384
CVE-2024-34384
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
CVE-ID
CVE-2024-33913
CVE-2024-33913
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
XServer Migrator
XServer Migrator
Researcher
CVE-ID
CVE-2024-2663
CVE-2024-2663
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
ZD YouTube FLV Player
ZD YouTube FLV Player
Researcher
CVE-ID
CVE-2024-4185
CVE-2024-4185
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Customer Email Verification for WooCommerce
Customer Email Verification for WooCommerce
Researcher
CVE-ID
CVE-2024-1895
CVE-2024-1895
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Event Monster – Event Management, Tickets Booking, Upcoming Event
Event Monster – Event Management, Tickets Booking, Upcoming Event
Researcher
CVE-ID
CVE-2024-1897
CVE-2024-1897
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Grid Gallery – Photo Image Grid Gallery
Grid Gallery – Photo Image Grid Gallery
Researcher
CVE-ID
CVE-2024-1896
CVE-2024-1896
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
CVE-ID
CVE-2024-4097
CVE-2024-4097
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Cost Calculator Builder PRO
Cost Calculator Builder PRO
Researcher
CVE-ID
CVE-2024-1173
CVE-2024-1173
Patch Status
Patched
Patched
Published
May 1, 2024
May 1, 2024
Affected Software
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
Researcher
CVE-ID
CVE-2024-3957
CVE-2024-3957
Patch Status
Patched
Patched
Published
May 1, 2024
May 1, 2024
Affected Software
Booster for WooCommerce
Booster for WooCommerce
Researcher
CVE-ID
CVE-2024-1371
CVE-2024-1371
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
LeadConnector
LeadConnector
Researcher
CVE-ID
CVE-2024-3883
CVE-2024-3883
Patch Status
Patched
Patched
Published
May 1, 2024
May 1, 2024
Researcher
CVE-ID
CVE-2024-33953
CVE-2024-33953
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Adventure Journal
Adventure Journal
Researcher
CVE-ID
CVE-2024-33918
CVE-2024-33918
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
AJAX Login and Registration modal popup + inline form
AJAX Login and Registration modal popup + inline form
Researcher
CVE-ID
CVE-2024-3554
CVE-2024-3554
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Researcher
CVE-ID
CVE-2024-3368
CVE-2024-3368
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Researcher
CVE-ID
CVE-2024-4158
CVE-2024-4158
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Blocksy
Blocksy
Researcher
Breakdance <= 1.7.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom postmeta
6.4
CVE-ID
CVE-2023-6854
CVE-2023-6854
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Breakdance
Breakdance
Researcher
CVE-ID
CVE-2024-3974
CVE-2024-3974
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
BuddyPress
BuddyPress
Researcher
CVE-ID
CVE-2024-33916
CVE-2024-33916
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
CPO Companion
CPO Companion
Researcher
Edge <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Display Name
6.4
CVE-ID
CVE-2024-34376
CVE-2024-34376
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Edge
Edge
Researcher
CVE-ID
CVE-2024-33945
CVE-2024-33945
Patch Status
Unpatched
Unpatched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Eleblog – Elementor Blog And Magazine Addons
Eleblog – Elementor Blog And Magazine Addons
Researcher
CVE-ID
CVE-2024-3743
CVE-2024-3743
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Elementor Addon Elements
Elementor Addon Elements
Researcher
CVE-ID
CVE-2024-3074
CVE-2024-3074
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Elementor ImageBox
Elementor ImageBox
Researchers
CVE-ID
CVE-2024-4107
CVE-2024-4107
Patch Status
Patched
Patched
Published
May 2, 2024
May 2, 2024
Affected Software
Elementor Website Builder Pro
Elementor Website Builder Pro
Researcher
CVE-ID
CVE-2024-3650
CVE-2024-3650
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
ElementsKit Elementor addons
ElementsKit Elementor addons
Researcher
CVE-ID
CVE-2024-34374
CVE-2024-34374
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
ElementsReady Addons for Elementor
ElementsReady Addons for Elementor
Researcher
CVE-ID
CVE-2024-4156
CVE-2024-4156
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
Researcher
CVE-ID
CVE-2024-2349
CVE-2024-2349
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Fancy Elementor Flipbox
Fancy Elementor Flipbox
Researcher
CVE-ID
CVE-2024-3280
CVE-2024-3280
Patch Status
Patched
Patched
Published
May 1, 2024
May 1, 2024
Affected Software
Follow Us Badges
Follow Us Badges
Researcher
CVE-ID
CVE-2024-33955
CVE-2024-33955
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Freesia Empire
Freesia Empire
Researcher
CVE-ID
CVE-2024-33927
CVE-2024-33927
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Giphypress
Giphypress
Researcher
CVE-ID
CVE-2024-0216
CVE-2024-0216
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Google Doc Embedder
Google Doc Embedder
Researcher
CVE-ID
CVE-2024-2273
CVE-2024-2273
Patch Status
Patched
Patched
Published
May 1, 2024
May 1, 2024
Affected Software
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Researcher
CVE-ID
CVE-2024-33926
CVE-2024-33926
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
GWP-Histats
GWP-Histats
Researcher
CVE-ID
CVE-2024-3674
CVE-2024-3674
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Inline Google Spreadsheet Viewer
Inline Google Spreadsheet Viewer
Researcher
CVE-ID
CVE-2024-0334
CVE-2024-0334
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Jeg Elementor Kit
Jeg Elementor Kit
Researcher
CVE-ID
CVE-2024-3161
CVE-2024-3161
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Jeg Elementor Kit
Jeg Elementor Kit
Researcher
CVE-ID
CVE-2024-3005
CVE-2024-3005
Patch Status
Patched
Patched
Published
May 1, 2024
May 1, 2024
Affected Software
LA-Studio Element Kit for Elementor
LA-Studio Element Kit for Elementor
Researcher
CVE-ID
CVE-2024-33932
CVE-2024-33932
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Login Logout Register Menu
Login Logout Register Menu
Researcher
CVE-ID
CVE-2024-1386
CVE-2024-1386
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
MailerLite – Signup forms (official)
MailerLite – Signup forms (official)
Researcher
CVE-ID
CVE-2024-4265
CVE-2024-4265
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Researcher
CVE-ID
CVE-2024-33934
CVE-2024-33934
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Mini Loops
Mini Loops
Researcher
CVE-ID
CVE-2024-33935
CVE-2024-33935
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
PB MailCrypt – AntiSpam Email Encryption
PB MailCrypt – AntiSpam Email Encryption
Researcher
CVE-ID
CVE-2024-33951
CVE-2024-33951
Patch Status
Unpatched
Unpatched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Perfect Pullquotes
Perfect Pullquotes
Researcher
Pliska <= 0.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Display Name
6.4
CVE-ID
CVE-2024-33954
CVE-2024-33954
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Pliska
Pliska
Researcher
CVE-ID
CVE-2024-1679
CVE-2024-1679
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce
Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce
Researcher
CVE-ID
CVE-2024-33936
CVE-2024-33936
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Print-O-Matic
Print-O-Matic
Researcher
CVE-ID
CVE-2024-34381
CVE-2024-34381
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
PropertyHive
PropertyHive
Researcher
CVE-ID
CVE-2024-4335
CVE-2024-4335
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings
Researcher
CVE-ID
CVE-2024-3991
CVE-2024-3991
Patch Status
Patched
Patched
Published
May 2, 2024
May 2, 2024
Simple Membership <= 4.4.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-ID
CVE-2024-4383
CVE-2024-4383
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Simple Membership
Simple Membership
Researcher
CVE-ID
CVE-2024-4092
CVE-2024-4092
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Slider Revolution
Slider Revolution
Researcher
CVE-ID
CVE-2024-33938
CVE-2024-33938
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Sliding Widgets
Sliding Widgets
Researcher
CVE-ID
CVE-2024-4334
CVE-2024-4334
Patch Status
Patched
Patched
Published
May 1, 2024
May 1, 2024
Affected Software
Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder
Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder
Researcher
Swift Framework <= 2.7.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
6.4
CVE-ID
CVE-2024-3916
CVE-2024-3916
Patch Status
Unpatched
Unpatched
Published
May 3, 2024
May 3, 2024
Affected Software
Swift Framework
Swift Framework
Researcher
CVE-ID
CVE-2024-4036
CVE-2024-4036
Patch Status
Patched
Patched
Published
May 1, 2024
May 1, 2024
Affected Software
Sydney Toolbox
Sydney Toolbox
Researcher
CVE-ID
CVE-2024-4193
CVE-2024-4193
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Testimonial Slider
Testimonial Slider
Researcher
CVE-ID
CVE-2024-33948
CVE-2024-33948
Patch Status
Unpatched
Unpatched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
TweetScroll Widget
TweetScroll Widget
Researcher
CVE-ID
CVE-2024-33952
CVE-2024-33952
Patch Status
Unpatched
Unpatched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Unique
Unique
Researcher
CVE-ID
CVE-2024-4000
CVE-2024-4000
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
WordPress Header Builder Plugin – Pearl
WordPress Header Builder Plugin – Pearl
Researcher
CVE-ID
CVE-2024-3490
CVE-2024-3490
Patch Status
Patched
Patched
Published
May 1, 2024
May 1, 2024
Affected Software
WP Recipe Maker
WP Recipe Maker
Researcher
CVE-ID
CVE-2024-3550
CVE-2024-3550
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
WP Shortcodes Plugin — Shortcodes Ultimate
WP Shortcodes Plugin — Shortcodes Ultimate
Researcher
CVE-ID
CVE-2024-4324
CVE-2024-4324
Patch Status
Patched
Patched
Published
May 1, 2024
May 1, 2024
Affected Software
WP Video Lightbox
WP Video Lightbox
Researcher
CVE-ID
CVE-2024-3942
CVE-2024-3942
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
MasterStudy LMS WordPress Plugin – for Online Courses and Education
MasterStudy LMS WordPress Plugin – for Online Courses and Education
Researcher
CVE-ID
CVE-2024-1677
CVE-2024-1677
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce
Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce
Researcher
CVE-ID
CVE-2024-0848
CVE-2024-0848
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
AA Cash Calculator
AA Cash Calculator
Researcher
CVE-ID
CVE-2024-4133
CVE-2024-4133
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Researcher
CVE-ID
CVE-2024-33928
CVE-2024-33928
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
CodeBard's Patron Button and Widgets for Patreon
CodeBard's Patron Button and Widgets for Patreon
Researcher
CVE-ID
CVE-2024-3917
CVE-2024-3917
Patch Status
Unpatched
Unpatched
Published
May 2, 2024
May 2, 2024
Affected Software
Pet Manager
Pet Manager
Researcher
CVE-ID
CVE-2024-34367
CVE-2024-34367
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Popup Box – Create Countdown, Coupon, Video, Contact Form Popups
Popup Box – Create Countdown, Coupon, Video, Contact Form Popups
Researcher
CVE-ID
CVE-2024-33924
CVE-2024-33924
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Realtyna Organic IDX plugin + WPL Real Estate
Realtyna Organic IDX plugin + WPL Real Estate
Researcher
CVE-ID
CVE-2024-33947
CVE-2024-33947
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Researcher
CVE-ID
CVE-2024-4289
CVE-2024-4289
Patch Status
Unpatched
Unpatched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Sailthru Triggermail
Sailthru Triggermail
Researcher
CVE-ID
CVE-2024-4150
CVE-2024-4150
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Simple Basic Contact Form
Simple Basic Contact Form
Researcher
CVE-ID
CVE-2024-34369
CVE-2024-34369
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Web Push Notifications – Webpushr
Web Push Notifications – Webpushr
Researcher
CVE-ID
CVE-2024-33946
CVE-2024-33946
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
WPify Woo Czech
WPify Woo Czech
Researcher
CVE-ID
CVE-2024-4372
CVE-2024-4372
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Carousel Slider
Carousel Slider
Researcher
CVE-ID
CVE-2024-2752
CVE-2024-2752
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Where Did You Hear About Us Checkout Field for WooCommerce
Where Did You Hear About Us Checkout Field for WooCommerce
Researcher
CVE-ID
CVE-2024-1809
CVE-2024-1809
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Researcher
CVE-ID
CVE-2024-3237
CVE-2024-3237
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
ConvertPlus
ConvertPlus
Researcher
CVE-ID
CVE-2024-33914
CVE-2024-33914
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Exclusive Addons for Elementor
Exclusive Addons for Elementor
Researcher
CVE-ID
CVE-2024-3868
CVE-2024-3868
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager
Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager
Researcher
CVE-ID
CVE-2024-33949
CVE-2024-33949
Patch Status
Unpatched
Unpatched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Min and Max Purchase for WooCommerce
Min and Max Purchase for WooCommerce
Researcher
CVE-ID
CVE-2024-3918
CVE-2024-3918
Patch Status
Unpatched
Unpatched
Published
May 2, 2024
May 2, 2024
Affected Software
Pet Manager
Pet Manager
Researcher
Premium Addons for Elementor <= 4.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting
5.4
CVE-ID
CVE-2024-4203
CVE-2024-4203
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Premium Addons for Elementor
Premium Addons for Elementor
Researcher
CVE-ID
CVE-2024-33930
CVE-2024-33930
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Share This Image
Share This Image
Researcher
CVE-ID
CVE-2023-7065
CVE-2023-7065
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms
Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms
Researcher
CVE-ID
CVE-2024-2109
CVE-2024-2109
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Booster Extension
Booster Extension
Researcher
CVE-ID
CVE-2024-3649
CVE-2024-3649
Patch Status
Patched
Patched
Published
May 1, 2024
May 1, 2024
Affected Software
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
Researcher
CVE-ID
CVE-2024-33920
CVE-2024-33920
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Democracy Poll
Democracy Poll
Researcher
CVE-ID
CVE-2024-33910
CVE-2024-33910
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
WordPress Flipbook by Supsystic
WordPress Flipbook by Supsystic
Researcher
CVE-ID
CVE-2024-33929
CVE-2024-33929
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings
Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings
Researcher
Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.7.7 - Sensitive Information Exposure
5.3
CVE-ID
CVE-2024-3717
CVE-2024-3717
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Drag and Drop Multiple File Upload – Contact Form 7
Drag and Drop Multiple File Upload – Contact Form 7
Researcher
CVE-ID
CVE-2024-34370
CVE-2024-34370
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory
EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory
Researcher
CVE-ID
CVE-2024-33909
CVE-2024-33909
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
iPages Flipbook For WordPress
iPages Flipbook For WordPress
Researcher
CVE-ID
CVE-2024-33941
CVE-2024-33941
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
iPanorama 360 – WordPress Virtual Tour Builder
iPanorama 360 – WordPress Virtual Tour Builder
Researcher
CVE-ID
CVE-2024-33931
CVE-2024-33931
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
JW Player for WordPress
JW Player for WordPress
Researcher
CVE-ID
CVE-2024-2797
CVE-2024-2797
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
MailerLite – Signup forms (official)
MailerLite – Signup forms (official)
Researcher
CVE-ID
CVE-2024-33939
CVE-2024-33939
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Masteriyo LMS – eLearning and Online Course Builder for WordPress
Masteriyo LMS – eLearning and Online Course Builder for WordPress
Researcher
CVE-ID
CVE-2024-33922
CVE-2024-33922
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Media Cleaner: Clean your WordPress!
Media Cleaner: Clean your WordPress!
Researcher
CVE-ID
CVE-2024-34368
CVE-2024-34368
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Mooberry Book Manager
Mooberry Book Manager
Researcher
CVE-ID
CVE-2024-34372
CVE-2024-34372
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Print My Blog – Print, PDF, & eBook Converter WordPress Plugin <= 3.26.2 - Missing Authorization
5.3
CVE-ID
CVE-2024-33907
CVE-2024-33907
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Print My Blog – Print, PDF, & eBook Converter WordPress Plugin
Print My Blog – Print, PDF, & eBook Converter WordPress Plugin
Researcher
CVE-ID
CVE-2024-34382
CVE-2024-34382
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Photo Gallery, Images, Slider in Rbs Image Gallery
Photo Gallery, Images, Slider in Rbs Image Gallery
Researcher
CVE-ID
CVE-2024-33919
CVE-2024-33919
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
RomethemeKit For Elementor
RomethemeKit For Elementor
Researcher
CVE-ID
CVE-2024-34383
CVE-2024-34383
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
SEOPress – On-site SEO
SEOPress – On-site SEO
Researcher
CVE-ID
CVE-2023-6327
CVE-2023-6327
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
CVE-ID
CVE-2024-1229
CVE-2024-1229
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
SimpleShop
SimpleShop
Researcher
CVE-ID
CVE-2024-32820
CVE-2024-32820
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Social Share Icons & Social Share Buttons
Social Share Icons & Social Share Buttons
Researcher
CVE-ID
CVE-2024-1678
CVE-2024-1678
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Subway – Private Site Option
Subway – Private Site Option
Researcher
CVE-ID
CVE-2024-3915
CVE-2024-3915
Patch Status
Unpatched
Unpatched
Published
May 3, 2024
May 3, 2024
Affected Software
Swift Framework
Swift Framework
Researcher
CVE-ID
CVE-2024-34377
CVE-2024-34377
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery
Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery
Researcher
CVE-ID
CVE-2024-33908
CVE-2024-33908
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
All-in-One Addons for Elementor – WidgetKit
All-in-One Addons for Elementor – WidgetKit
Researcher
CVE-ID
CVE-2024-1688
CVE-2024-1688
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Woo Total Sales
Woo Total Sales
Researcher
CVE-ID
CVE-2024-33944
CVE-2024-33944
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
AWeber for WooCommerce
AWeber for WooCommerce
Researcher
CVE-ID
CVE-2024-33917
CVE-2024-33917
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
WTI Like Post
WTI Like Post
Researcher
CVE-ID
CVE-2024-2401
CVE-2024-2401
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Admin Page Spider
Admin Page Spider
Researcher
CVE-ID
CVE-2024-3023
CVE-2024-3023
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
AnnounceKit
AnnounceKit
Researcher
CVE-ID
CVE-2024-33950
CVE-2024-33950
Patch Status
Unpatched
Unpatched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Archives Calendar Widget
Archives Calendar Widget
Researcher
CVE-ID
CVE-2024-2220
CVE-2024-2220
Patch Status
Patched
Patched
Published
May 2, 2024
May 2, 2024
Affected Software
Call / Contact Button
Call / Contact Button
Researcher
CVE-ID
CVE-2024-34380
CVE-2024-34380
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
ChatBot Conversational Forms
ChatBot Conversational Forms
Researcher
CVE-ID
CVE-2024-34366
CVE-2024-34366
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Researcher
CVE-ID
CVE-2024-33940
CVE-2024-33940
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
EventON
EventON
Researcher
CVE-ID
CVE-2024-3920
CVE-2024-3920
Patch Status
Unpatched
Unpatched
Published
May 2, 2024
May 2, 2024
Affected Software
Flattr
Flattr
Researcher
CVE-ID
CVE-2024-2967
CVE-2024-2967
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor
Researcher
CVE-ID
CVE-2024-3594
CVE-2024-3594
Patch Status
Patched
Patched
Published
May 1, 2024
May 1, 2024
Affected Software
IDonate – Blood Donation, Request And Donor Management System
IDonate – Blood Donation, Request And Donor Management System
Researcher
CVE-ID
CVE-2024-3021
CVE-2024-3021
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Mhr Post Ticker
Mhr Post Ticker
Researcher
CVE-ID
CVE-2024-4290
CVE-2024-4290
Patch Status
Unpatched
Unpatched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Sailthru Triggermail
Sailthru Triggermail
Researcher
Sheets To WP Table Live Sync <= 3.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2024-34375
CVE-2024-34375
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
CVE-ID
CVE-2024-4433
CVE-2024-4433
Patch Status
Unpatched
Unpatched
Published
May 2, 2024
May 2, 2024
Affected Software
Simple Image Popup
Simple Image Popup
Researcher
Social Icons Widget & Block <= 4.2.17 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2024-2189
CVE-2024-2189
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Social Icons Widget & Block by WPZOOM
Social Icons Widget & Block by WPZOOM
Researcher
CVE-ID
CVE-2024-4061
CVE-2024-4061
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Survey Maker
Survey Maker
Researcher
CVE-ID
CVE-2024-2958
CVE-2024-2958
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
SVS Pricing Tables
SVS Pricing Tables
Researcher
Tabellen von faustball.com <= 2.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2024-4085
CVE-2024-4085
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Tabellen von faustball.com
Tabellen von faustball.com
Researcher
Ultimate Under Construction <= 1.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2024-33943
CVE-2024-33943
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Ultimate Under Construction
Ultimate Under Construction
Researcher
CVE-ID
CVE-2024-0847
CVE-2024-0847
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
5280 Bootstrap Modal Contact Form
5280 Bootstrap Modal Contact Form
Researcher
CVE-ID
CVE-2024-33912
CVE-2024-33912
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
Researcher
CVE-ID
CVE-2024-3072
CVE-2024-3072
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
ACF Front End Editor
ACF Front End Editor
Researcher
CVE-ID
CVE-2024-3071
CVE-2024-3071
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
ACF On-The-Go
ACF On-The-Go
Researcher
CVE-ID
CVE-2024-33956
CVE-2024-33956
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Custom WooCommerce Checkout Fields Editor
Custom WooCommerce Checkout Fields Editor
Researcher
CVE-ID
CVE-2024-33915
CVE-2024-33915
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Debug Log Manager
Debug Log Manager
Researcher
CVE-ID
CVE-2024-3206
CVE-2024-3206
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Researcher
CVE-ID
CVE-2024-4083
CVE-2024-4083
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Easy Restaurant Table Booking
Easy Restaurant Table Booking
Researcher
CVE-ID
CVE-2024-33925
CVE-2024-33925
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Embed Google Fonts
Embed Google Fonts
Researcher
CVE-ID
CVE-2024-33942
CVE-2024-33942
Patch Status
Unpatched
Unpatched
Published
Apr 30, 2024
Apr 30, 2024
Affected Software
Google Typography
Google Typography
Researcher
CVE-ID
CVE-2024-1050
CVE-2024-1050
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Import and export users and customers
Import and export users and customers
Researcher
CVE-ID
CVE-2024-34371
CVE-2024-34371
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Login with phone number
Login with phone number
Researcher
CVE-ID
CVE-2024-33937
CVE-2024-33937
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
Progressive WordPress (PWA)
Progressive WordPress (PWA)
Researcher
CVE-ID
CVE-2024-34379
CVE-2024-34379
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
Restaurant and Cafe
Restaurant and Cafe
Researcher
CVE-ID
CVE-2024-33921
CVE-2024-33921
Patch Status
Patched
Patched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
ReviewX – Multi-criteria Rating & Reviews for WooCommerce
ReviewX – Multi-criteria Rating & Reviews for WooCommerce
Researcher
CVE-ID
CVE-2024-1230
CVE-2024-1230
Patch Status
Patched
Patched
Published
May 3, 2024
May 3, 2024
Affected Software
SimpleShop
SimpleShop
Researcher
CVE-ID
CVE-2024-33923
CVE-2024-33923
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
SP Project & Document Manager
SP Project & Document Manager
Researcher
CVE-ID
CVE-2024-2960
CVE-2024-2960
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
SVS Pricing Tables
SVS Pricing Tables
Researcher
CVE-ID
CVE-2024-2959
CVE-2024-2959
Patch Status
Unpatched
Unpatched
Published
Apr 29, 2024
Apr 29, 2024
Affected Software
SVS Pricing Tables
SVS Pricing Tables
Researcher
CVE-ID
CVE-2024-3936
CVE-2024-3936
Patch Status
Patched
Patched
Published
Apr 30, 2024
Apr 30, 2024
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Comments